kernel-pfkey: Read reqid directly from acquire if possible
authorTobias Brunner <tobias@strongswan.org>
Mon, 22 Oct 2018 08:12:25 +0000 (10:12 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 3 Dec 2018 11:01:43 +0000 (12:01 +0100)
Upcoming versions of FreeBSD will include an SADB_X_EXT_SA2 extension in
acquires that contains the reqid set on the matching policy.  This allows
handling acquires even when no policies are installed (e.g. to work with
FreeBSD's implementation of VTI interfaces, which manage policies
themselves).

src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

index dbe409a623405e24b102779882dd153e86be758b..37170a310e98d73ba9d8ec0484ea0a6f917c91d1 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
  * Copyright (C) 2008 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -1287,20 +1287,27 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this,
                return;
        }
 
-       index = response.x_policy->sadb_x_policy_id;
-       this->mutex->lock(this->mutex);
-       if (this->policies->find_first(this->policies, policy_entry_match_byindex,
-                                                                 (void**)&policy, index) &&
-               policy->used_by->get_first(policy->used_by, (void**)&sa) == SUCCESS)
+       if (response.x_sa2)
        {
-               reqid = sa->sa->cfg.reqid;
+               reqid = response.x_sa2->sadb_x_sa2_reqid;
        }
        else
        {
-               DBG1(DBG_KNL, "received an SADB_ACQUIRE with policy id %d but no "
-                                         "matching policy found", index);
+               index = response.x_policy->sadb_x_policy_id;
+               this->mutex->lock(this->mutex);
+               if (this->policies->find_first(this->policies, policy_entry_match_byindex,
+                                                                          (void**)&policy, index) &&
+                       policy->used_by->get_first(policy->used_by, (void**)&sa) == SUCCESS)
+               {
+                       reqid = sa->sa->cfg.reqid;
+               }
+               else
+               {
+                       DBG1(DBG_KNL, "received an SADB_ACQUIRE with policy id %d but no "
+                                "matching policy found", index);
+               }
+               this->mutex->unlock(this->mutex);
        }
-       this->mutex->unlock(this->mutex);
 
        src_ts = sadb_address2ts(response.src);
        dst_ts = sadb_address2ts(response.dst);
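Review bot: In the new `if (response.x_sa2)` branch the reqid is taken from the kernel message as-is, so an SA2 extension that carries a reqid of 0 skips both the policy lookup and the "no matching policy found" log that the else branch still provides. Consider falling back when the value is unset, e.g. `if (response.x_sa2 && response.x_sa2->sadb_x_sa2_reqid)`, so the lookup under `this->mutex` still runs in that case. The branch also appears to rely on the PF_KEY message parser having checked the extension's length before `x_sa2` is dereferenced; that code, the declaration of `reqid` and the rest of process_acquire are outside this hunk, so this should be confirmed there. A short comment such as `/* newer FreeBSD kernels pass the policy's reqid directly, no lookup needed */` would record why the lock is not taken on this path.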